Setting Trust Between Systems

Objective

After completing this lesson, you will be able to explain trust relationships between systems and establish, configure, and validate secure trust relationships among SAP Cloud Integration, SAP S/4HANA Cloud, and SAP Commerce Cloud — including certificate exchange, keystore setup, and verification steps.

Explain What Trust Relationships Between Systems Are

Trust relationships enable you to establish secure connections between known servers whose identity can be confirmed by a signed certificate. For integrating SAP S/4HANA Cloud and SAP Commerce Cloud, you’ll set up the trust relationships between SAP S/4HANA Cloud and Cloud Integration, and trust relationships between Cloud Integration and SAP Commerce Cloud.

That means you need to download the certificate of the Cloud Integration tenant via a web browser and import it to SAP S/4HANA Cloud. Once the Cloud Integration certificate is installed on SAP S/4HANA Cloud, the SAP S/4HANA Cloud server can identify and trust the Cloud Integration server and allow it to securely connect to SAP S/4HANA Cloud. The same is applies for Cloud Integration and SAP Commerce Cloud.

Establish Trust Relationships Between Cloud Integration and SAP S/4HANA Cloud

Trust relationships enable you to establish secure connections between known servers whose identity can be confirmed by a signed certificate. You need to download the certificate of the Cloud Integration tenant via a web browser and import it to SAP S/4HANA Cloud. Google Chrome is used as the default browser.

Access Cloud Integration using the following format URL:
Link: https://<tenant management node>/itspaces
In the browser bar, choose the lock icon and then Certificate (Valid) of your secure connection.
In the Certificate dialog box, go to the Details tab.
Choose Copy to File.
In the Certificate Export Wizard dialog box, choose Next.
Select Base-64 encoded X.509 (.CER) and choose Next.
Caution
Certificates can be exported in a variety of file formats.
Specify the name of the file, and save it to the desktop by default. Choose Next.
Choose Finish. A message tells you that the export was successful.

After successfully downloading the certificate, it must be uploaded to SAP S/4HANA Cloud. Use the following steps to achieve this.

Log on to your SAP S/4HANA Cloud system as an administrator.
Open the Maintain Certificate Trust List. Your user needs to have the SAP_BR_ADMINISTRATOR Business Role.
Next to the Certificate Trusts table, choose to add using the + icon.
In the Upload Certificate dialog box, browse for the SAP Cloud Integration certificate that you've downloaded, and choose Upload. A system message informs you that the certificate has been uploaded.

Establish Trust Relationships Between Cloud Integration and SAP Commerce Cloud

To maintain a trust relationship between Cloud Integration and SAP Commerce Cloud, you need to download the Cloud Integration certificate, then upload it to SAP Commerce Cloud from the SAP Commerce Cloud Portal.

SAP Commerce Cloud Portal Security, Trusted Certificates tab showing a table of certificates with columns for Name, Alias, Issuer, Domains, and Expiry.

Once the Cloud Integration certificate is uploaded, your SAP Commerce Cloud environments can reference and deploy it to the SAP Commerce Cloud cluster containers. To be specific, the SAP Cloud Integration certificate will be installed in the Java Virtual Machine (JVM) trust store of the containers running in the SAP Commerce Cloud Kubernetes (K8S) cluster.

SAP Commerce Cloud Portal, Deployment Configuration screen showing the Trusted Certificates section with an open Add Trusted Certificate dropdown listing certificate names, also Save/Cancel buttons and a right-side guide with upload steps.

Continue to quiz